LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices



Reply
 
Search this Thread
Old 10-01-2003, 06:12 PM   #1
send-more-ux
LQ Newbie
 
Registered: Oct 2003
Distribution: redhat 9
Posts: 1

Rep: Reputation: 0
RHat 9 password expiration


Has anyone seen this sort of behavior?
On a Red Hat 9 installation I have aprox. 75 user accounts and four groups. For some unexplained reason every few days ALL the accounts suffer from the password expiration flag getting set to yes. When this happens I must open each account and reset the flag to no.

1 Does anyone have any insight into why the mysterious password expiration state change occurs?

2 Is there a way to globally set this flag for all accounts?
 
Old 10-01-2003, 06:35 PM   #2
usernamenumber
Member
 
Registered: Sep 2003
Location: Somerville, MA
Distribution: Fedora/RHEL currently. Red Hat, Slackware, Debian, SuSe and Mandrake at other times
Posts: 104

Rep: Reputation: 15
Your problem is with the /etc/shadow file where, along with other stuff, the password aging settings are stored (see `man 5 shadow``). These settings can be viewed and modified with the chage command. Try running chage -l on one of your users. If you see something other than 'Never' on the 'Password Expires' line then that's your culprit.

To fix, you will need to reset the 'maxdays' (maximum number of days before password expires) value to 99999, which is the default.

chage -M99999 username

should do the trick. As for how to apply this globally, I'm not sure. You may just have to write a script that runs chage on each of your users.

Good luck,
--Brad

Last edited by usernamenumber; 10-02-2003 at 09:05 AM.
 
Old 10-01-2003, 06:52 PM   #3
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
Password expiration is not on by default. The command line utilty "chage" is used to manage this (if you are using the default password shadowing). See "man chage" for more information.

Issue a "chage -l root" or some other user to see what their settings are. Look in /etc/shadow and you can see how these settings are stored. I am not sure how this is managed beyond the individual user, but you could edit /etc/shadow by hand or script to correct this for all users.

The defaults for new users is kept in "/etc/login.defs"

If you are having to continually change these settings and people are having to continually change their passwords... you may need to be concerned. That sounds like a trojan for capturing passwords if I have ever heard of one.

-K
 
Old 10-01-2003, 06:56 PM   #4
usernamenumber
Member
 
Registered: Sep 2003
Location: Somerville, MA
Distribution: Fedora/RHEL currently. Red Hat, Slackware, Debian, SuSe and Mandrake at other times
Posts: 104

Rep: Reputation: 15
Quote:
Originally posted by KevinJ
If you are having to continually change these settings and people are having to continually change their passwords... you may need to be concerned. That sounds like a trojan for capturing passwords if I have ever heard of one.
Ooh, good one. Hadn't thought of that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Expiration Policy bspicer Linux - General 7 05-12-2007 04:26 AM
Can't "Enable password expiration" scottjwoodford Linux - Software 2 06-28-2005 12:21 PM
Samba Password Expiration kharris Linux - Software 1 09-22-2003 06:25 AM
Password expiration - help klmn1 Linux - General 1 12-31-2002 12:04 AM
Password expiration klmn1 Linux - Networking 1 12-26-2002 01:08 PM


All times are GMT -5. The time now is 07:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration